[arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

Matt Compton matt at xhec.us
Fri Jan 29 17:29:09 UTC 2021


I agree it should be a message. I'm curious, though, about how often you
update on the server side? By the time I got the announcement the core repo
had pushed that version to me already.

On Fri, Jan 29, 2021 at 12:26 PM Łukasz Michalski via arch-general <
arch-general at lists.archlinux.org> wrote:

> Hi,
>
> Just checked my servers and all were vulnerable:
>
> [zork at archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
> malloc(): corrupted top size
> Aborted (core dumped)
>
> Updating to the latest version (sudo-1.9.5.p2-1) closed this
> vulnerability. Maybe this should be posted as an Arch news message?
>
> Regards,
> Łukasz
>